A vulnerability affecting the Cosmos ecosystem and Ethermint was recently discovered by Jump Crypto and blocked before it could cause significant damage. Ethermint, which enables the use of Ethereum smart contracts within the Cosmo ecosystem, was the affected network. The bug could have allowed an attacker to bypass specific smart contract functions and steal transaction fees, leading to denial of service to users. The Evmos Core Development team and the Cronos team collaborated with Jump Crypto to address the issue, including a patch to block transactions with certain messages to eliminate the attack vector. No malicious exploitation occurred, and the Cronos team awarded Jump Crypto a $25,000 bounty for their discovery. The root cause of the vulnerability was improper handling of transactional messages in Ethermint's implementation, specifically the interaction between two message types. The attacker exploited the vulnerability by embedding one message type inside another, bypassing a security feature responsible for deducting gas fees from transactions.